Wednesday Jan 05, 2011

IRM and Consumerization

tablet.png
As the season of rampant consumerism draws to its official close on 12th Night, it seems a fitting time to discuss consumerization - whereby technologies from the consumer market, such as the Android and iPad, are adopted by business organizations.

I expect many of you will have received a shiny new mobile gadget for Christmas - and will be expecting to use it for work as well as leisure in 2011. In my case, I'm just getting to grips with my first Android phone.

This trend developed so much during 2010 that a number of my customers have officially changed their stance on consumer devices - accepting consumerization as something to embrace rather than resist.

Clearly, consumerization has significant implications for information control, as corporate data is distributed to consumer devices whether the organization is aware of it or not. I daresay that some DLP solutions can limit distribution to some extent, but this creates a conflict between accepting consumerization and frustrating it.

So what does Oracle IRM have to offer the consumerized enterprise?

First and foremost, consumerization does not automatically represent great additional risk - if an enterprise seals its sensitive information. Sealed files are encrypted, and that fundamental protection is not affected by copying files to consumer devices. A device might be lost or stolen, and the user might not think to report the loss of a personally owned device, but the data and the enterprise that owns it are protected.

Indeed, the consumerization trend is another strong reason for enterprises to deploy IRM - to protect against this expansion of channels by which data might be accidentally exposed. It also enables encryption requirements to be met even though the enterprise does not own the device and cannot enforce device encryption.

Moving on to the usage of sealed content on such devices, some of our customers are using virtual desktop solutions such that, in truth, the sealed content is being opened and used on a PC in the normal way, and the user is simply using their device for display purposes. This has several advantages:

  • The sensitive documents are not actually on the devices, so device loss and theft are even less of a worry
  • The enterprise has another layer of control over how and where content is used, as access to the virtual solution involves another layer of authentication and authorization - defence in depth
  • It is a generic solution that means the enterprise does not need to actively support the ever expanding variety of consumer devices - the enterprise just manages some virtual access to traditional systems using something like Oracle Secure Global Desktop  or Citrix or Remote Desktop.
  • It is a tried and tested way of accessing sealed documents. People have being using Oracle IRM in conjunction with virtual desktops for several years.

For some scenarios, we also have the "IRM wrapper" option that provides a simple app for sealing and unsealing content on a range of operating systems.

We are busy working on other ways to support the explosion of consumer devices, but this blog is not a proper forum for talking about them at this time. If you are an Oracle IRM customer, we will be pleased to discuss our plans and your requirements with you directly on request. You can be sure that the blog will cover the new capabilities as soon as possible.

Thursday Dec 23, 2010

Oracle IRM Desktop update

 

christmas-presents.jpg

Just in time for Christmas, we have made a fresh IRM Desktop build available with a number of valuable enhancements:

 


  • Office 2010 support
  • Adobe Reader X support
  • Enhanced compatibility with SharePoint
  • Ability to enable the Sealed Email for Lotus Notes integration during IRM Desktop installation

 

The kit is currently available as a patch that you can access by logging in to My Oracle Support and looking for patch 9165540. The patch enables you to download a package containing all 27 language variants of the IRM Desktop. We will be making the kit available from OTN as soon as possible, at which time you will be able to pick a particular language if preferred.

Thursday Dec 09, 2010

Setting Up IRM Test Content

A feature of the 11g IRM Server that sometimes gets overlooked is the ability to set up some test content that any IRM user can access to verify that their IRM Desktop can reach the server, authenticate successfully, and render protected content successfully. Such test content is useful for new users, and in troubleshooting scenarios.

Here's how to set up some test content...

In the management console, go to IRM - Administration - Test Content, as shown.

em-test-menu.png

The console will display a list of test content - initially an empty list.

Use the Add option to specify the URL of a document or image, and define one or more labels for the test content in whichever languages your users favour.

em-add-content.png

Note that you do not need to seal the image or document in order to use it as test content. Nor do you need to set up any rights for the test content. The IRM Server will handle the sealing and rights assignment automatically such that all authenticated users are authorised to view the test content.

Repeat this process for as many different types of content as you would like to offer for test purposes - perhaps a Word document, a PDF document, and an image.

To keep things simple the first time I did this, I used the URL of one of the images in the IRM Server's UI - so there was no problem with the IRM Server being able to reach that image. Whatever content you want to use, the IRM Server needs to be able to reach it at the URL you specify.

Using Test Content

Open a browser and browse to the URL that the IRM Desktop normally uses to access the IRM Server, for example:

http://irm11g.oracle.com/irm_desktop

If you are not sure, you can find this URL in the Servers tab of the IRM Options dialog.

Go to the Test tab, and you will see your test content listed. By opening one of the items, you can verify that your IRM Desktop is healthy and that you can authenticate to the IRM Server.

test-page.png

Thursday Oct 28, 2010

How to Get the Most Bang for Your Information Security Buck

profit_logo.gif

I was recently asked to write an article for one of the Oracle publications, Profit Online, commenting on the recent PricewaterhouseCoopers global survey on security. The article discusses the state of securty budgets, their effect on the information security or business and the awareness of and increasing threat from security incidents. You can read the full article over at oracle.com.

Monday Oct 18, 2010

Document security in the real world, experience from the field

BrandonCrossLogo.png
I've invited Justin Cross from Brandon Cross Technologies to share some of the experience gained in the industry when implementing IRM solutions. So over to you Justin...

I began working with IRM at SealedMedia and I have seen it grow and mature through the refinement which only comes from many, many real world deployments, where we need to apply thoughtful consideration to the protection of real business information, against real security risks; while keeping real business users happy and assured that the technology wont get in the way.

I decided take on the challenge of forming my own company, Brandon Cross Technologies, just as SealedMedia were being acquired by Oracle. As Brandon Cross Technologies I've had the good fortune of working with a number of vendors, including Oracle, to provide the consultancy to successfully deploy software which requires an understanding of how software really gets used in practice, by real people, as well the technical know-how.

We have recently been working with some of the largest oil & gas and telecom companies, among others, to deploy their IRM solutions to address their concerns regarding the dramatic increase in data security threats.

 

Secure from the inside


Despite the best efforts of virus checkers and firewalls, platform vulnerabilities and malware provide lots of scope for bad guys to punch holes in your defences, disrupt your systems, and steal your data. If you ensure your own business users can only access and use information they legitimately require, while retaining the ability to revoke that access, then any external threat will be no more able to extract information from your organisation than your own people. Information Rights Management therefore enables us to limit the threat from perimeter security breaches, as well as potential misuse of information by legitimate business users.

 

 

User buy-in


As with other security solutions, successful IRM deployments must be simple to use and work without impeding existing business processes. Any solution which slows or limits a business user's ability to do their daily work will be unpopular, but more importantly the user may actually end up putting business information at greater risk by avoiding such systems. In the case of IRM, users may create, request, distribute or keep unprotected files, or use an IRM Context or document classification intended for less sensitive information to avoid the more stringent controls intended by the business.

 

Of course once information is IRM protected it is under the full control of the appropriate information owner; but it does need to be sealed / protected in the first place. Protecting information using IRM needs to be a continual, business-as-usual process. While IRM provides simple tools to protect information, manual protection does involve the user making the decision to protect information as it is created, and being in the habit of doing so. This can be addressed through creation of clear guidelines, policy requirements and training.

 

Integrated solutions


Protecting information using IRM should be performed at the earliest point in the information life cycle. One way to ensure information is appropriately secured using IRM is to automate the protection / sealing process. Oracle IRM has open programmatic interfaces which allow information to be sealed and for rights to be programmatically managed. This allows IRM protection to be integrated with other content management, workflow and security products.

 

For example Oracle IRM can be integrated with SharePoint, ensuring that any documents which are added into a SharePoint site are automatically IRM protected as they are uploaded. Information is then protected in storage, protecting against privileged users with server access, while still allowing documents to be found by keyword search using Oracle's unique search capabilities. Automated protection can therefore allow users to collaborate in the normal way without having to make the conscious decision to protect it first, or even needing to be aware that such a step is necessary. In this way, taking the manual protection step away from users, the level of usage and consistency with which IRM protection is applied can be substantially improved.

Another policy enforcement technology which can be used in conjunction with IRM is DLP (Data Loss Prevention). There are a variety of vendors which provide DLP solutions and, as with IRM, these solutions work in a variety of ways with different features and capabilities. What they do have in common is the ability to monitor the movement of data within your organisations network, with many also having the ability to control that movement. Some will purely monitor network communications using dedicated network appliances; others monitor file system, device and inter-process communications at the desktop. These capabilities can be used to make sure data does not leave your systems and networks without the necessary IRM protection being applied.

 

Brandon Cross Technologies


Brandon Cross Technologies is based in the UK, but has delivered projects internationally. It believes it is possible to take the pain and uncertainty out of deploying client-server and web based technologies, simply through listening to customers and sharing experience and expertise.

 

http://www.brandoncross.co.uk/
http://www.irmprotection.co.uk/

Thursday Oct 14, 2010

New Release of Oracle IRM Wrapper version 1.5.0

The wrapper tool has been updated again - this time to provide an installer script for Linux systems, and to improve compatibility between the IRM Desktop and the wrapper when installed on the same machine.

For further info, see the 1.4.0 announcement.

If you download and experiment with this tool, drop us a line to let us know how you get on.

Tuesday Oct 12, 2010

Quick guide to Oracle IRM 11g: Sample use cases

Quick guide to Oracle IRM 11g index

Oracle-IRM-Quick-Guide-Logo-Regular.gif
If you've been following this guide step by step, you'll now have a fully functional IRM service and a good understanding of how to start creating some contexts to match your business needs to secure content. The classification design article in the guide goes over some essential advice in creating your classification model in IRM and what follows is additional information in the form of common use cases that I see a lot in our customers. For each I'll walk through the important decisions made and resulting context design to help you understand how IRM is used in the real world.

Contents

Work in progress

Let's look at the use case of a financial reporting process where highly sensitive documents are created by a small group of executives. These work in progress (WIP) documents may change content quickly during review and therefore it is important that the wrong and inaccurate versions of the documents do not end up outside the working group. Once a document is ready for wider review it is then secured against another context with a much wider readership. All the unapproved documents are still secured against a context available only to the initial working group. Finally the document is approved to be published and becomes public knowledge. At which time the document may change format, e.g. from a sealed Word document to an unprotected PDF which has no IRM protection at all. This is a nice example of how IRM can protect content through its life.

Financial Reports - Work In Progress (Standard template)
Role Assigned Users & Groups
Contributor Finance Executives
Reviewer Company Board
Reader - No Print bill.smith@abc-attorneys.com
Financial Reports - Review (Standard template)
Contributor david.lee (VP of Finance)
alex.johnson (CFO)
Reviewer Legal Executives
Finance Executives
Company Board
bill.smith@abc-attorneys.com
Financial Reports - Published (Export template)
Contributor with export alex.johnson (CFO)

The first context secures work in progress content. Participants are identified as those who are involved in the creation and review of the information and are given contributor and reviewer roles respectively. Note that in this use case there is an attorney privy to the information who is external to the company. However due to the sensitive nature of the material, this external person has been given very restrictive rights, essentially they can only open the content, no printing, editing etc. The offline period for this role may be a matter of hours, allowing the revocation of access to the documents in a very timely manner.

After several iterations of the report have been created, it needs to be reviewed by a wider audience of executives. At this point David Lee (VP of finance) or Alex Johnson (CFO) have the authority to reseal the latest revision to the review context. Therefore there is a trust relationship between the WIP context and the Review context to allow this information to be reclassified. David and Alex are the only authorized users to be able to perform this task and therefore provide a control point for the reclassification of information. Note also that the external attorney now has the ability to review this reclassified document. The Reviewer role allows them to edit, print and use the clipboard within the bounds of the document. Their access to the previous, more sensitive versions remains unchanged.

One aspect of the reviewer role is that in Word change tracking is enforced. This means that every change made in the entire review process is tracked. Up until this enforcement with Oracle IRM, change tracking in Word was only useful if you trusted the end user to not switch it off. IRM brings security to this simple functionality and makes it a powerful tool for document review. Imagine if this was a contract negotiation process, you can be assured that every change to the contract has been recorded.

Finally, the last stage of the life cycle for this financial document is the approval of the report to be released to the investors, employees and the public at large. There is one more context which only the CFO has access to. This context allows for the export of the unprotected document so that it resides outside the realm of IRM security. Such a powerful role is only given to a highly trusted executive, in this example the VP. Again, IRM still protects all the previous versions of content that contain information not appropriate for public consumption.

All the steps in this use case are easy and familiar for the users. All they are doing is opening, editing and working with Word and Excel documents, activity they are used to performing. They may find a slight inconvenience if they are prevented from printing or cut and pasting content into a non-secure location, but overall they require little to no training on how to use IRM content.

Using IRM with a classification model

There are customers with a very mature security strategy which includes a clearly defined and communicated classification policy implemented with procedures and technology to enforce controls and provide monitoring. When IRM is added to the mix of security technologies it is common for the customer to ask how to implement their existing security classification system within IRM. When we deployed IRM at Oracle this was the first point of reference when trying to determine the correct convention for the creation of IRM contexts.

Before we go into the detail of this, it is worth noting that in this use case we are manually recreating elements of an existing security policy inside IRM. There may well be a situation where another product contains all this logic and replicating the information inside IRM would be redundant and costly. For example the Oracle Beehive 2.0 platform is integrated with IRM and as such IRM doesn't use the built in context model but simply leverages the existing security model inside Beehive. So it is possible for Oracle IRM to externalize the entire classification system. This however requires consulting effort which may or may not be appropriate for the return in automation.

But back on topic, let's look at what a security classification model looks like. A common standard that people work to is the ISO 17799 guidelines which was the result of a group of organizations documenting their best practice for security classification. Below is an example of the sort of classification system ISO 17799 recommends.

Level Class Description
1 Top Secret Highly sensitive information about strategies, plans, designs, mergers & acquisitions
2 Highly Confidential Serious impact if shared internally or made public
3 Proprietary Procedures, project plans, specifications and designs for use by authorized personnel
4 Controlled For controlled use within the extended enterprise, but not approved for public circulation
5 Public Information in the public domain

There is an increase in sensitivity of information as you move from bottom to the top of this table. Inversely, the amount of information that is classified decreases as you increase the level of classification. This is important because as you wish to create a model for protecting top secret information, you need to have more control over who can open the documents and who has the power to assign new rights to people. This increases the administration of the solution because someone has to make these decisions. Luckily IRM places this control in the hands of the business users, so those managing top secret contexts are the people who are working with the top secret information. A good example is in Oracle we have a single classification across the entire company for controlled information. Everyone in Oracle has access to this and the provisioning of rights is automatic. However when IRM is used to protect mergers and acquisitions (M&A) documents in Oracle, very top secret information, a small group of users have access and only one or two people can administrate the context. These people however are the ones directly involved in the M&A activity.

Public

Looking at each of these we can determine how IRM might apply. For publicly classified content the response is immediate and quite obvious. You don't use IRM because the information has low to zero risk from a security perspective and therefore requires no controls. However there have been times where documents may be sealed to a public context simply to provide usage statistics.

Controlled

For controlled content there may be strong reasons to leverage IRM security. However the sensitivity of the information is such that the risks are relatively low. Therefore consider a single company, or at least department wide context. This is born from our best practice which leans towards a simple, wide context model which balances risk versus the usability and manageability of the technology. Essentially controlled information needs some level of security, but it isn't important enough to warrant a fine grained approach with a high cost of maintenance. Usually every professional member of staff is a contributor to the context which allows them to create new content, edit, print etc. This at a minimum provides security of content if it is accidentally lost, emailed to the wrong person outside the company and provides a clear indication that the information has some value and should be treated with due care and attention. Yes allowing everyone the ability to cut and paste information outside the IRM document exists, but disallowing this to a low level of classification may impact business productivity. If control of the information is that necessary, then it should result in a higher classification.

Business partners are given appropriate roles which allow them to open, print and interact with the content but not have the authority to create controlled information or copy and paste to other documents. For the rare exceptions where you wish to give access to un-trusted users you can create guest roles which are assigned as part of a work flow requesting for exceptions to the rule.

Proprietary

As we move up through the classification policy we find an increase in the need for security from finer grained control. Proprietary information carries with it a greater risk if exposed outside the company. Therefore the balance of risk and usability requires a finer granularity of access than a single context. So now you have to decide at what level of granularity these contexts are created and this varies. There are however some good common rules. Avoid a general "proprietary" context, this would undermine the value of the classification. Follow a similar pattern to the work-in-progress use case defined above. Be careful to not be too generous about assigning the contributor role, restricting this group guarantee's document authenticity. Remember with IRM you can add/change access rights at any time in the future, so here is a chance to start out with a limited list and grow as the business requires.

Highly Confidential

As we get closer to your organizations most important information, we start to see an increase in the amount of contexts you need to provide adequate security. Highly confidential information requires a high level of security and as such the risk versus usability trade off favors a more granular approach. Here you are identifying explicit business owners of classifications instead of groups of users or using an automated system for unchecked provisioning of access. Training increases a little here as well because as you hand these classifications into the business, they need to know how to administrate the classification and understand the impact of their assignments of rights. The contexts also become very specific in their naming because instead of relating to wide groups of data, they now apply to very specific, high risk information. The right level of granularity and administration is hard to predict, therefore always start with a few contexts initially and pilot with a small number of business units with well defined use cases. You will learn as you go the right approach and more contexts will emerge over time.

Top Secret

Last but most definitely not least, the Top Secret contexts. Sometimes these are the first to be created because they protect the most important documents in the company. These contexts are very controlled and tightly managed. Even the knowledge that these exist can be a security issue and as such the contexts are not visible to the support help desk. The number of top secret contexts is also typically very small due to the nature of the information. A company will only generate a small number of highly sensitive financial documents or a few critical documents which contain the secret sauce of the product your company creates. Top secret contexts also can have a short life span as they sometimes apply to a short lived, top secret project. Mergers and acquisitions is again another good example, these are often very top secret but also short lived. L1 classified contexts quite often contain external users, executives from a target acquisition or attorneys from your legal firm. But the sensitivity of the information means external users are closely monitored by the context managers.

Example context map

Typically to map a classification policy to IRM requires a business consulting project which asks each elements of the business how they use sensitive information, who should be able allowed to open and it and manage the access. At the end of this exercise you end up with a context map. This is a simple table which shows the IRM contexts and their relationship to the classification policy. Here is an example table from when we used the technology in SealedMedia before we were acquired by Oracle.

Top Secret Highly Confidential Proprietary Controlled
L1 L2 L3 L4
Board Communications Executive WIP Executive Company
Intellectual Property   Competitive  
Security Product Management WIP Product Management  
  Professional Services WIP Professional Services  
  Sales WIP Sales  
  Marketing WIP Marketing  
  Finance WIP Finance  
  Engineering WIP Engineering  
    External External

Note the use of the labels L1 through L4 to indicate level of sensitivity. This would be used as part of the actual context name, e.g. "L1 (Top Secret) Intellectual Property". This serves a few purposes, firstly if a user has access to many classifications, they will be listed in order or sensitivity with the most important at the top when users are making decisions about classification of documents. Also it makes it very clear how sensitive each classification is. If I attempt to open a document I do not have rights to, the IRM software redirects me to a web page informing me that I don't have access to "L1 (Top Secret) Security". Immediately I understand that I shouldn't be opening this top secret document because it is classified above my access level. Note that in the above map only ongoing contexts are documented. There may well be a context called "L1 (Top Secret) Smith versus Jones dispute" which would be used to secure the information about a highly confidential law suit. But this classification exists for only a short period of time and therefore is created as and when needed. The context map is designed to document classifications which will exist for ongoing future of the company.

Periodic expiry & version control

The last example in this set of use cases is when IRM can allow for the periodic expiry of access to information which in turn can also be used to implement security related version control. Consider the situation where your company has some very valuable product roadmap documents which detail information on the next release of your products. This information may have valuable insight to the direction of the company and the disclosure of such information to competitors, the press or just the general public may have a significant impact to your business. However road map information changes often and therefore not only do you need to ensure who has access to it, but ensure that authorized users are access the right versions. Another useful aspect of IRM is that you may wish to review who has access to your product road maps on a annual basis and examine if the rights model you've decided on is still appropriate, e.g. do you still want users to be able to print the documents. IRM can satisfy both of these requirements when you appropriately design the classification model. Consider the context below;

Context title 2010 L1 (Top Secret) Product Roadmap
Contributor VP Product Management
Item Readers Trusted users in the company who have been training on how to deliver product roadmap presentations and messaging
Context managers VP of product development and those who approve and verify the training of trusted users

This is a very simple definition of a context but a great demonstration of the powerful capabilities of Oracle IRM. The only person who can create product roadmap documents is the VP. This is because this person is the last point in the review and approval process and as such has the authority to reseal the final product roadmap document from the work in progress context to this published context. The Item Reader role by default gives no access to anything in the context. So as each person completes the product roadmap training, they are given the role Item Reader and at the same time you add the specific documents which they've been trained on. There is of course an administrative overhead here, if you have hundreds of users being trained a month, someone has to be administrating IRM. Using groups at this point does allow for the management to be simplified. You might have a group called "Trained 2010 product roadmap presentation field sales users" and this group has been given the Item Reader role with the document restriction of the current 2010 product roadmap presentation. Then the management of users who can access these documents is done in the user directory, such as managing group membership in Active Directory. A better solution for the management of this rights assignment would be to use a provisioning system such as the Oracle Identity Manager. Here you can centralize the workflow of users being trained and then not only give them access to the IRM context but also automate the provisioning to the location where the documents are stored.

ProductRoadmapItemLock.png

Periodic expiry

Because the context name is prepended with the year it means that in 2011 the owner of this classification needs to review this classification. This review may decide that users with the "Item Reader" role can be trusted to print the content and that the 2 week offline period is too long and should be reduced to 1 week. The use case may also require that for each year users must be trained on the presentation of product roadmap information. So the creation of a new context, "2011 L1 (Top Secret) Product Roadmap" is created with a blank list of Item Readers, ready for new trained users to be given access to the new product roadmap. All Item Readers in the 2010 context are then removed and in one simple action you now ensure that nobody can access the old, out dated 2010 information. Because Oracle IRM separates out all the access rights from the documents themselves, there is nothing else to do. You remove access from the server, and as the offline periods to these documents expire, so does the access. The advantage for this retirement of access to old content, is that in the future if you ever need to be able to access a product roadmap document from 2010, the IRM administrator can simply go back to the old context and give access to a specific person.

Version control

With the Item Reader role you are explicitly defining what documents users have access to. Whilst this might incur an administrative cost in maintaining this list, the value from a security perspective is very fine grained control and high visibility of who can access what. Another benefit of this is because Oracle IRM allows you to change your access rights at any time, you can update this list. So imagine that you have a group of trained users assigned with an Item Reader role that has version 1 of the product roadmap presentation listed. Then after a few months, the roadmap changes, as it often does and a new version 2 is created. After making this new version available somewhere you can now remove the groups access to version 1 and add version 2. What does this mean? Now everyone in that group trying to open version 1 is going to get an access denied message. But, this message is in the form of a web status page which you have full control over. You can now modify that status page to provide the link to the new version 2, which they do have the ability to open.

This is incredibly powerful. Not only is IRM providing the means to ensure only authorized users have access to your most sensitive information, but it is ensuring they can only access the latest versions of that information AND allowing you to easily communicate to them where to GET that latest version from.

These are just a few of the many uses for Oracle IRM, if you would like to discuss your own particular use cases and see how Oracle IRM can help, please contact us.

Tuesday Sep 28, 2010

PwC 2011 Global State of Information Security Survey

PWC-logo.png
PwC has just released the findings of an information security survey by PricewaterhouseCoopers, CIO Magazine and CSO Magazine. The survey contains responses from more than 12,840 CEOs, CFOs, CIOs, CSOs, vice presidents and directors of IT and information security in 135 countries. Quite a wide audience. The report focuses on the business drivers for information security spending and reveals that in general spending on security has flat lined or at least dropped in the past 12 months. Mostly due to lack of funds after a wildly unpredictable economic financial climate. There were some elements of the report I found intriguing given my knowledge of IRM and the problems it solves.

 

While the impacts of the downturn linger, risks associated with weaker partners have increased


So whilst organizations are not spending money on security, they do recognize that the risks of sharing information externally with partners is increasing because... their partners are also not investing in adequate security. It is a very obvious point to make, everyone is not adequately investing in security and yet there is a growing trend to outsourcing where more and more of your information is shared beyond your existing security perimeter. There is now much higher risk when relying more on external partners for your business to be effective but its a necessary evil. What if that partner is your cloud storage provider and you are about to undertake a migration of your content into their platform? Will it be secure?

 

 

Visibility of security breaches/incidents is increasing, as are the costs


The report also finds a healthy increase in the knowledge of security incidents. I would guess this is primarily an impact of regulatory requirements forcing the issue. More and more companies have to report data loss incidents and therefore they are deploying technologies and processes to become more visible of the events.

 

PWC-2010-SecurityIncidients12Months.png

Yet growing in the other direction is the cost awareness of data loss. In three years this number has doubled. So it's a simple summary. People know a lot more about the loss/breach of important information and it is costing them more. The graph below shows the significant increase in both the area of financial loss to the business as well as the loss of critical intellectual property. These results tally with the issues we've seen in the news over the past year. GM losing masses of hybrid research, Ford also losing lots of intellectual property. The health care industry is also reporting data loss incidents at an alarming rate.

PWC-2010-ImpactsToOrganization.png

Another main areas this risk is coming from is, and i'll quote the report "traced to employees and former employees, in line with the higher risks to security associated with salary freezes, job instability, layoffs and terminations and other HR challenges that rise during economic stress." The technology that is presenting the greatest risk is the social network. The channels of communication into and out of your business environment are increasing dramatically. No longer is it appropriate to monitor just email and the firewall. But you have to worry about USB devices, web based storage, social networks... and a lot of this activity happens outside the office whilst people are at home, in a hotel or on the move with their cell phones.

 

How does IRM help?


So where does a document security solution like IRM play into this? First let me summarize up what I think all the research is telling us...

 

Companies are more aware of security incidents and the threat is moving to the partners who are not spending enough to secure your information. The costs of losing information are increasing from both the impact to the business and the technology you need to buy to defend against the loss in the first place. More and more ways to lose information are now invading the enterprise and often they are beyond your control.

So consider the following advantages of a document security solution like Oracle IRM.

  • IRM moves your perimeter of security to the information itself. Instead of buying and deploying DLP, hard disk encryption, encrypted USB devices, simply deploy IRM and no matter where your sensitive documents and emails end up, they are only accessible by authorized persons and encrypted no matter where they are stored.
  • IRM can allow users to open, edit and review documents but prevent them from copying information from the document into an untrusted environment... Facebook, LinkedIn, unprotected Word and Excel documents. Of course it may not take much for a user to retype the information but one of the biggest issues around security is that of awareness. If a user can't easily copy information from a document, they know the information must be confidential.
  • Every single time an IRM protected document is created, opened, printed or saved, it is audited. This dramatically increases the visibility of who is doing what with your information. Also when end users know that by opening IRM documents they are leaving a trail of access, it decreases the likelihood they are going to misuse that information.
  • IRM is easy to deploy. The biggest advantage of IRM by far is that once a document has been secured, you have total control over who can open it. So the simplest deployment where you create one single classification for your entire business and secure all your confidential documents to it for use only by internal employees is quick and easy to do. Right now most organizations have millions, nay billions of documents floating around on partner file shares, employee laptops and the internet. IRM in one simple deployment brings a massive amount of value.
  • IRM does not suddenly impact your business effectiveness. Core to its design is a usable and scalable rights and classification model that puts the decision making on user access into the business. Enormous effect has been invested in making the use of Oracle IRM protected documents simple and easy for authorized users.

 

Have a look at some of the videos on our YouTube channel, or get in touch if you'd like to know more about how this solution works.

Monday Sep 27, 2010

New release of Oracle IRM Wrapper version 1.4.0

Yet another release of a highly useful tool in the Oracle IRM kit bag. The Oracle IRM Wrapper is a Java based client which demonstrates some of the powerful ways in which you can create extensions of the Oracle IRM technology to extend the protection of files beyond the out of the box features. The IRM Wrapper uses the IRM API to allow for the encryption of any file, similar in nature to functionality as PGP, however with the difference that the rights control of decrypting files is the same powerful classification system that is used across the usual gambit of IRM files.

In this release support for existing sealed extensions has been added. This is a significant feature because it means that files wrapped by Oracle IRM Wrapper can be opened by the Oracle IRM desktop, and files sealed by the Oracle IRM desktop can be unwrapped by Oracle IRM Wrapper. In a mixed community of end users, where most have the Oracle IRM desktop installed but some do not (they may be on MacOS or Linux), no users need be excluded from workflows - they can all use the same sealed files! It is only necessary to add the Wrapper users to a special group assigned a role with unrestricted export rights.

Download this latest version from here.

 


  • NEW! Support for sealed extensions, e.g. .sdoc, .spdf
  • Installation scripts for easy installation on Windows and MacOS X
  • Written in 100% pure Java so runs on any Java-compatible operating system
  • Internationalized and localized into English, Japanese and (bad) schoolboy French
  • Right-click wrapping and unwrapping
  • Easily configure per-context drag-n-drop wrapping icons on your desktop
  • Automatically checks that you have the rights to wrap and unwrap files
  • Automatically select a default context
  • More robust configuration handling (ignores leading or trailing whitespace)

 

And a few screen shots of the tool running in Windows and Linux.

IRM_Wrapper_On_Linux.png

IRM_Wrapper_On_Windows.png

Security in the Enterprise 2.0 World: Conflicts of collaboration

CMSWireLogo_v2-02.png
I was recently asked to be a guest author on CMSwire.com to comment on the challenges of security in the Enterprise 2.0 (E2.0) world. Having worked in both E2.0 and security, I have a good perspective.

As E2.0 brings web 2.0 into the enterprise it runs directly into the issues of security, compliance and regulation. It's a big challenge and a big contradiction. The business wants to use all these amazing new ways to share content, but the same business also needs to ensure that only the right people can get access to it.
And What About the Cloud?

Then there is the cloud. Cloud, cloud, cloud, it's on every webcast, in every article. The cloud has many advantages. Why wouldn't you want to outsource all your costs of network management, storage, system administration? The cloud makes perfect sense but has one massive concern... security. Wouldn't it be nice if someone else could host your content, provide the search functionality, upgrade the systems, manage backups and the network access and yet you could have persistent control over the actual information itself?

Read the full article over on cmswire.com.

Friday Sep 24, 2010

Data loss prevention (DLP) solutions with document encryption

This week a new data sheet was approved which details the work done so far on integrating Oracle's industry leading document security solution with the top DLP vendors. The content of the data sheet is below and available as a PDF at the end of the article.

Organizations face the ongoing challenge of protecting their most sensitive information from being leaked. Two of the most popular solutions used to address this problem are Data Loss Prevention and Enterprise Rights Management. This datasheet explains how these technologies are highly complementary and advises how they can most effectively be used together to provide a complete data leakage solution. It also describes the integrations today between Oracle Information Rights Management and the DLP products from Symantec, McAfee, InfoWatch and Sophos.

 

Data Loss Prevention


Data Loss Prevention (DLP) technologies aim to prevent leaks of sensitive information. They do so by discovering sensitive information at rest, and monitoring and blocking sensitive information in motion, using content-aware scanning technology. The discovery, monitoring and blocking DLP components run either on the network (servers reaching out to scan repositories or intercepting network information flows) or on endpoints (end user computers or laptops).

 

 

Information Rights Management


Information Rights Management (IRM) also aims to prevent leaks of sensitive information. It does so by encrypting and controlling access to sensitive documents (and emails) so that regardless of how many copies are made, or where they proliferate (email, web, backups, etc.), they remain persistently protected and tracked. Only authorised users can access IRM-encrypted documents, and authorised users can have their access revoked at any time (even to locally made copies).

 

 

Complementary Solutions to Similar Problems


DLP and IRM address very similar problems, but in different and complementary ways:

  • DLP is well suited to situations where an organisation doesn't know where its sensitive information is being stored or sent. Content-aware DLP can map the proliferation of this sensitive information and direct remedial efforts, such as tightening existing access controls using blocking, quarantining or encrypting.
  • Out-of-the-box DLP remedial actions often prove to be disruptive to business workflows. Sensitive information is required for collaboration with certain third parties; configuring DLP to permit only the desired collaboration whilst preventing other data loss proves to be almost impossible.
  • Also DLP provides decisions about content at a point in time, e.g. can this user email this research document to a partner? However, 6 months later the organization may sever ties with the partner at which point the DLP rule may change; but this doesn't affect all the information that has flowed to this partner over the past 6 months. DLP cannot retroactively block access to information that it has previously been allowed to pass beyond its control to third parties.
  • Thus DLP customers are looking for a technology to allow secure collaboration triggered by their DLP solution.
  • IRM is well suited to situations where an organisation has relatively well defined business processes involving sensitive information, e.g. sharing intellectual property with partners, financial reporting, M&A, etc.. IRM-encrypting sensitive documents or emails ensures that all copies remain secured, regardless of their location.
  • IRM continues to work beyond the enterprise firewall or enterprise endpoints, so authorised end users on partner or home networks or endpoints can use IRM-encrypted documents without being able to make unencrypted copies. This access can be audited and revoked at any time, leaving previously authorised users with useless encrypted copies. IRM provides persistent protection, which means that you can revoke access to information at any time. One simple change in an IRM system can stop access to millions of documents shared with partners, customers or suppliers.
  • IRM protection requires any document to be encrypted. This can be manually actioned by an end user according to a corporate policy, but this reliance on a manual process may result in reduced uptake. To aid uptake and enforce policy many organizations automate the process via integrations with content management systems and enterprise applications. However many other sensitive documents are collaborated with that fall outside these perimeters.
  • Thus IRM customers are looking for a technology to detect sensitive data and trigger the IRM encryption process.

Integration Use Cases


From the above it should be clear that the combination of DLP and IRM will be more effective than either solution in isolation.

  1. DLP-discover and IRM-encrypt data at rest
    DLP is used to discover the proliferation of sensitive information (on endpoints and servers) and classify it in terms of its relative sensitivity. Sensitive classifications can then be IRM-encrypted to have persistent access rights in line with enterprise information security policy. For example DLP discovers a set of financial documents stored in a public file share and automatically protects them against an IRM classification that allows only the finance group to open the documents. The documents stay where they are, but IRM enforces the access controls.
  2. DLP-monitor and IRM-encrypt data in motion
    This time DLP monitoring is used to detect sensitive outbound information flows and to add IRM encryption as a remedial action for policy violations. For example a user attempts to email a sensitive document to a supplier, DLP detects this and uses IRM to protect the document but allows the email to continue onto its destination.
  3. DLP discovery of IRM-encrypted information at rest
    It is important that DLP scanners be enabled to scan IRM-encrypted documents and emails. This can be shallow scans (which verify the document is IRM-encrypted and check the IRM classification) to enable controlled sharing of suitably IRM-encrypted documents, or deep scanning (which temporarily decrypts the IRM-encrypted content) to verify that documents are encrypted to the correct IRM classification.
  4. DLP monitoring of IRM-encrypted information in motion
    Shallow scanning of IRM-encrypted documents could be used to ease potentially disruptive DLP blocking of sensitive outbound content. Certain IRM classifications could be allowed outbound while others could be blocked. Deep scanning could be used to add in content-aware policies and ensure consistency between DLP and IRM policies.

Integrating with DLP Vendors


Oracle has been requested by several customers and partners to integrate Oracle IRM with the leading DLP Vendors' solutions. Whilst all four of the above integration use cases are being scheduled on both Network and Endpoints, work has already been done today to support the following functionality.

Symantec DLP and Oracle IRM


Oracle and Symantec have collaborated to provide a solution that allows DLP to discover and automatically call IRM to encrypt data at rest. This results in sensitive documents being identified by DLP and then automatically encrypted with IRM. The encrypted files can then remain in their original location rather than being quarantined, but can only be opened by authorized users. The DLP product can also discover and monitor IRM-encrypted documents and then audit, quarantine or take no action depending on policy and context.

McAfee DLP and Oracle IRM


McAfee's Data Loss Prevention quickly delivers data security & actionable insight about the data at rest, in motion and in use across your organization. Protecting data requires comprehensive monitoring and controls from the USB drive to the firewall. The powerful combination of McAfee DLP and Oracle IRM automates the process of protecting your data, giving you confidence that policies are enforced consistently wherever your data needs to travel.

InfoWatch DLP and Oracle IRM


Oracle and InfoWatch have collaborated to provide a solution that controls information transferred via removable storage, optical media, web uploads and emails with attachments; as well as inspects contents of IRM-encrypted files and messages. The solution applies policies to prevent sensitive information leakage. A flexible policy can be configured to enforce IRM-encryption of sensitive emails. Digital fingerprinting of the IRM-encrypted content ensures that no parts or quotes of IRM-protected documents can leak outside the corporate network.

Sophos DLP and Oracle IRM


Oracle and Sophos have collaborated to provide a solution to control the transfer of IRM-encrypted information via removable storage, optical media, web uploads and email attachments. A policy can be configured to simply audit the transfer of IRM protected files or, if required, authorise the transfer of IRM protected files and block the transfer of non-IRM protected files.

 

And you can download the PDF version of this data sheet.

Friday Sep 17, 2010

Meet document security experts at Oracle Open World 2010

OpenWorld 2010 Logo.png
For the 3rd year running we will be at Oracle Open World! Andy Peet, Oracle IRM product manager and I will be at the whole Open World event in San Francisco. We will be presenting Oracle IRM on Wednesday, details below. We will also be in the demoGrounds area of Open World showing off the latest features of our 11g release. Feel free to come by and say hi!

<>
<>
<>
<>
<>
<>
<>
<>
<>
<>
<>
<>
<>
<>
<>
<>
<>
<>
<>
<>
<>
<>
<>
Session Details
Session ID: S317363
Session Title: Client-Side Security as a Middleware Service
Date/Location: Wednesday, September 22, 1:00PM | Moscone South, Rm 310
Session Abstract: Information rights management technology is often used to protect highly sensitive information in constrained workflows. Although the technology could clearly provide value in a much wider range of use cases, organizations often face the challenge of training numerous staff members to start classifying their information and to make correct classification decisions. In this session, see how integrating IRM into an enterprise as an identity management service can complement an existing application stack. This can extend the enforcement of information classification policy out to the multitude of devices used to access sensitive information both online and offline around the globe, without the need to change most end user workflows.
Duration: 60 minutes
Speaker(s)/Company: Andy Peet, Oracle, Product Manager
Simon Thorpe, Product Expert

Improving ITAR compliance with Oracle IRM's document security

itar-certified.gif
I've worked with quite a few customers over the past few years around International Traffic in Arms Regulation (ITAR) compliance and other similar foreign national compliance law here in the US. We've had customers implement Oracle IRM solutions primarily to address their concerns over ITAR regulation and IRM is a great way to really address some of the challenges around controlling who has access to what (preventative controls) and also being able to show that you are able to control this access and provide reports (monitoring controls). ITAR can be quite confusing and the areas of information it covers quite vast.

 

What is ITAR?

Wikipedia is always a good start...
"International Traffic in Arms Regulations (ITAR) is a set of United States government regulations that control the export and import of defense-related articles and services on the United States Munitions List (USML). These regulations implement the provisions of the Arms Export Control Act (AECA), and are described in Title 22 (Foreign Relations), Chapter I (Department of State), Subchapter M of the Code of Federal Regulations. The Department of State interprets and enforces ITAR. Its goal is to safeguard US national security and further US foreign policy objectives."

 

Basically if your company creates any product or intellectual property that can be used to build a weapon then you need to ensure that information about your product is controlled and can only be accessed by "approved" persons. Essentially, the US government doesn't want advanced weapons ending up in Iran, Syria and other embargoed countries.

 

How does IRM help?


Let me take another phrase from the Wikipedia entry.

 

Under ITAR, a "US person" who wants to export USML items to a "foreign person" must obtain authorization from the US Department of State before the export can take place.

Put another way... If you want to share a document containing details on how your product works with, say for example, the Chinese partner who is building your product, you have to ensure only the authorized users get access to that information.

What does IRM do? It uses encryption and access control to ensure that only authorized users can open and access IRM secured documents. IRM obviously brings lots of benefits to ensuring you are meeting your ITAR compliance requirements.

  • Every document secured with IRM can only be opened by authorized users. The IRM technology can also communicate with any existing system that defines what users can access what.
  • IRM records every single access to secured content and also has a simple management interface to be able to view existing rights controls. So proving you are compliant is easy and simple.
  • Because IRM is a persistent document security technology, if a person is no longer authorized to access ITAR covered data (for example their Visa expires) then any documents they have in their possession can no longer be accessed. Oracle IRM centralizes access rights on a server, allowing your business to reflect changes in ITAR law, user restrictions and visa status without having to have physical access to the documents.

 

For more information on IRM and ITAR, please contact us. There is also a video which demonstrates engineering type information being access via a database based repository and how IRM enforces access control.

Tuesday Sep 07, 2010

Data loss, encryption & security in health care - is your medical data safe?

Over the past few months i've been spending more time with customers in the health care industry. Globally we are seeing an increase in security breaches of patient data, just look at the following examples of data loss in the last month alone...

 

EHR-records-connect.jpg
"Using IRM to encrypt and control access to patient data at the file level means no matter where the file is stored, it is always protected."
These are alarming numbers! As more and more medical and health care organizations are being mandated to move to electronic systems for storing your confidential medical information, these incidents are only going to rise. The modern world is full of new technology designed to make sharing information easier, networks are getting faster, storage devices bigger and threats to your data are increasing at the same rate. A recent study found that attempted attacks on health care organizations increased from an average of 6,500 per health care client per day in the first nine months of 2009 to an average of 13,400 per client per day in the last three months of 2009. As the UK's Liberal Democrat Robert Brown, said: "These are frightening figures. Central government, local councils, NHS boards and the police hold a great deal of information on all of us. Our data is in their hands and we need to know they are taking this responsibility seriously... Liberal Democrats called for an urgent review into data loss in January. I want to know what the government have done since then and why the situation has not improved."



Not improved? I'd like to know why it seems to be getting worse... This increase in activity is taking place in parallel to new laws trying to protect your information. Recent changes to legal acts, such as the Health Insurance Portability and Accountability (HIPAA) act in the US, define that health information must be secured and typically the key word is encryption. As an article on recent HIPAA changes in SC magazine mentions; "In the past, companies offered hard drives that used strong encryption. However, analysis showed that strong encryption was used but only to protect the password and not the data that was stored on the devices. The actual data stored on the hard drive was encrypted with an encryption algorithm developed by the company, which proved to be anything but strong. This illustrates the potential pitfalls of choosing any type of encryption package -- a lack of strong, secure encryption. Obviously, some encryption programs do a better job of protecting data than others, but how can a company choose the right one?" Robert-Brown-Lib-Dem.jpg
"The government is not in control of the situation. They need to get a grip on this right now."
Robert Brown MSP, Spokesperson on Justice

Encryption is a key method to securing information, so much so, that the HIPAA regulations say if your patient information is encrypted, you avoid fines and requirements to publicly notify government of any breach of data. So how do you choose the right way to use encryption? Start by looking at the way data is lost, it falls into a few common areas. Firstly the loss or theft of devices on which the information is stored, DVD's lost in the post, stolen laptops and mislaid USB data devices seem to dominate the news. Then every so often someone accidentally emails patient data to the wrong recipient or posts files online insecurely. Secondly look at the type of format the lost information is stored in;

  • Database exports/backups
  • Unstructured documents such as spreadsheets, PDF's, or emails
So many incidents involve the loss of laptops and storage devices that contain database backups or documents and emails that have either inadequate encryption or none at all.

Are there no decent technologies to address these problems?

Quite the opposite, now more than ever there are many products designed to address these issues by implementing encryption and access controls. Lets look at some of the solutions from Oracle which could significantly improve the security of patient information and massively reduce the risk of health care organizations being fined and publicly embarrassed.

 

database-application-document-security.jpg

Before I go into any detail, look at the diagram above which highlights patient information typically lives in three places. The database, the application or in a document. To ensure we use encryption and security effectively, we need to put solutions at all three areas. I'm only going to cover specific Oracle encryption technologies in the rest of this article. It is common sense the following should be part of a complete medical data security solution that uses identity & access management solutions, browser to application server network encryption (SSL over HTTPS) and other well known methods of information security.

 

Encrypting data at rest


Hard disk encryption is often touted as the answer to protecting data at rest. However in practice this addresses only a small area of the problem. When it comes to databases, performance is key. So encrypting the disks on which the medical databases reside can significantly impact system performance. Performance is everything in health care, timely access to patient data can be a matter of life and death. However with the Oracle database, encryption can be used within the database platform itself and here we can really reduce the impact of performance. Transparent Data Encryption (TDE) applied at the table space (the files which store information) has a minimal impact on performance and more importantly does not affect the ability to compress the data. The last thing you want is to start encrypting your database information to find that your previously effective compression is now useless and results in a doubling of the database storage requirements.

 

But encrypting the data in the database doesn't help when physicians are downloading spreadsheets of patient data from health applications and storing them on USB devices and laptops which are easily lost or stolen. Of course this is where Information Rights Management (IRM) comes into play. Using IRM to encrypt and control access to patient data at the file level means no matter where the file is stored, it is always protected.

 

Encrypting data in transit


In transit usually means when information is being transferred across a network. Encrypting database backups on DVD's and using IRM to protect files stored on USB keys falls under data at rest requirements. The same set of technologies in the Oracle database that protect information whilst it resides on the disks can also be applied as the database transmits information to the application over the network. Configuring the encryption of information on the network in the Oracle database is easy and requires no change to the application! Protecting patient information couldn't be easier.

 

Does IRM fit into securing data in transit? Of course, if the file is encrypted with IRM it doesn't matter how it is transferred over the network, it is always encrypted. As an attachment to an email, accidentally hosted on a public website or even stored in the database, IRM protected files are always secured no matter where they live or how they are transferred.

 

Encrypting data in use


Rarely do we see anyone discuss data in use. What do I mean by "in use"? When you access the health care application and look at a patient record, when you have open a spreadsheet or PDF and are printing it, copy and pasting it into other documents. This is a massive area of data loss and one that very few technologies can address. Mostly we see solutions about protecting information as it moves from the health systems to the users. Ensuring as it resides on storage devices and moves across networks, encryption and access controls provide security. Yet this leaves a gaping hole, how do you ensure people are allowed to use patient data in a secure manner?

 

Two technologies really help in this regard. Data loss prevention (DLP) technologies are a great way to detect the movement of patient information as it crosses application, network and storage boundaries. I might want to copy my patient records to a USB key or email the information to my home computer. DLP does a great job of detecting this activity, yet it is limited to only blocking and preventing it from taking place. In health care this is a serious problem, stopping people getting access to and using patient information can prevent the physician from delivering care. The last thing you want to stop is a surgeon being able to access critical information when someone's life depends on it.

Again IRM steps in to provide a solution. IRM combined with DLP can both detect and secure the use of patient data. IRM delivers some functionality that significantly improves the ability to protect patient data.


  • IRM documents are never decrypted back to their original form. Unlike document security technologies such as PGP, IRM controls access to the document at all times and the files are never decrypted to disk.
  • The clipboard is under total control, so patient data remains inside the document and cannot be copied into social networks, other documents or applications.
  • Screen shots are prevent with IRM technology, so images of patient data cannot easily be copied or reproduced insecurely.
  • Printing is also controlled, so many incidents of patient data loss have been from physical, paper copies of the information. IRM can prevent documents from being printed and therefore this exposure is prevented.

 

Friday Sep 03, 2010

Oracle IRM and Sophos DLP Integration

Sophos-logo.png
Continuing our theme on DLP and IRM, we've been working with leading DLP vendor Sophos to create integrations that bring IRM and DLP together. These integrations provide a richer set of security controls for protecting your most sensitive information, such as intellectual property, patient healthcare information (PHI), financial data as it flows around your enterprise networks and beyond. The video below demonstrates one of these integration use cases we are hearing a lot customers ask for, the need to ensure that only IRM protected documents can be copied onto USB devices and CD's to ensure the organization has persistent control over their most valuable content.

john-stringer.jpg
John Stringer, product manager at Sopho's comments,

DLP can be used to identify IRM-protected documents, audit their transfer and - where appropriate - apply IRM classification based on document content. This complements traditional methods for applying IRM such as manual classification by employees. At Sophos we're really excited about working with a number of IRM vendors, such as Oracle, to achieve exactly this.

The ultimate goal over the coming months with these integrations is to use DLP to maintain the policy which defines what you classify as confidential or sensitive information. DLP then implements these policies when it monitoring network traffic, searching across file repositories and watching the movement of information onto USB keys and other removable devices. When DLP finds unprotected information instead of simply blocking it it can apply an IRM policy inline with DLP to ensure that it becomes protected no matter where it ends up. Have a look at the video and feel free to contact us if you'd like to know more about what DLP and IRM can do together for you.


 

About

Oracle IRM protects and tracks your sensitive information no matter where it goes. It combines business friendly encryption with role based usage rights and auditing.

11g quick guide

Search

Archives
« July 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
  
       
Today